4

Is there any way to decrypt tor traffic from an exit node or relay? I know it's possible to analyze the traffic using something like tcpflow or tcpdump, but it comes back as encrypted giberish. Is there any way to decrypt it?

Joshua Terrill
  • 239
  • 3
  • 6
  • 2
    If there was a way to "decrypt tor traffic," TOR would not be a very useful thing. TOR encryption is well documented and you can read up on it. Basically, the answer is no, but the question isn't very useful. – Herringbone Cat Jun 23 '15 at 01:08
  • 4
    The question isn't useful to anyone that already knows the answer. It's perfectly useful if you don't. – Steve Sether Jun 23 '15 at 01:19
  • Are you good at factoring? – Neil McGuigan Jun 23 '15 at 04:33
  • how about dns sniffing?If client isn't encapsulate DNS-requests traffic into tor network and requested only internet (not tor internal) resources you can capture network packets between client and DNS-server,also note that works only througth tor network,will encapsulated DNS-requests. – BlueBerry - Vignesh4303 Jun 23 '15 at 09:55
  • Traffic out of an Exit node or relay is already completely decrypted with the Tor session keys. [Tor never guarantees security, only anonymity.](http://security.stackexchange.com/questions/72679/differences-between-using-tor-browser-and-vpn) – RoraΖ Jun 23 '15 at 11:09
  • @raz: Tor doesn't guarantee anonymity either, if you send personally identifiable data over the Tor connection without an additional end-to-end encryption, the Tor exit node can trivially obtain ny unencrypted data you send over the exit node. The only thing that Tor guarantee is that Tor itself does not leak anonymity; your traffic may leak your anonymity. – Lie Ryan Jun 23 '15 at 13:28
  • @LieRyan That's a good distinction to make! – RoraΖ Jun 23 '15 at 13:33

1 Answers1

6

If you sniff on the exit node and the connection is not https/hidden service, then you will have the traffic in clear but you will not be able to know from who it came. Unless the traffic itself is revealing the identity.

In other cases, as far as we know, you can't decrypt tor. As other said, tor will be useless if it was possible.

r00t
  • 1,104
  • 8
  • 16